CVE-2020-36871

UNKNOWN 0.0

ESCAM QD-900 Unauthenticated Configuration Disclosure

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.

CWE	CWE-306
Vendor	escam
Product	qd-900 wifi hd camera
Published	Nov 26, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for escam qd-900 wifi hd camera

Be the first to know when new unknown vulnerabilities affecting escam qd-900 wifi hd camera are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ESCAM / QD-900 WIFI HD Camera

References

NVD ↗ CVE.org ↗ EPSS Data ↗

packetstorm.news: https://packetstorm.news/files/id/156492/ exploit-db.com: https://www.exploit-db.com/exploits/48107 vulncheck.com: https://www.vulncheck.com/advisories/escam-qd900-unauthenticated-config-disclosure

Credits

Todor Donev